I am using Bro 2.5 and I can't get this working: https://github.com/sooshie/bro-scripts/blob/master/misc/vt_check.bro
I see curl running on request and it is successfully submitted on VirusTotal, but I get this error:
1490780707.065084 error in /opt/bro/share/bro/bro-extra/vt_check.bro, line 79: no such index (VTCHECK::temp[2])
1490780707.065084 error in /opt/bro/share/bro/bro-extra/vt_check.bro, line 74: no such index (VTCHECK::temp[2])
1490780707.065084 error in /opt/bro/share/bro/bro-extra/vt_check.bro, line 91: value used but not set (VTCHECK::positives)
Has anyone made this work, or anything similar?
I can't get this example working either: https://www.sans.org/reading-room/whitepapers/detection/detecting-malicious-smb-activity-bro-37472
Thanks in advance